Aggregator

这个世界最刺激的事情莫过于脱离现状、摆脱束缚、迎接挑战，而网络黑客几乎能够满足这一切刺激的幻想，这是最吸引人的地方。然而对于旅游的人来说，爬山是兴奋的；对于景区捡垃圾的人，爬山只是为了完成生计。当黑客成为了生计，则有可能不再一切尽如人意！

这个世界最刺激的事情莫过于脱离现状、摆脱束缚、迎接挑战，而网络黑客几乎能够满足这一切刺激的幻想，这是最吸引人的地方。然而对于旅游的人来说，爬山是兴奋的；对于景区捡垃圾的人，爬山只是为了完成生计。当黑客成为了生计，则有可能不再一切尽如人意！

flask Flask 是一个 web 框架。也就是说 Flask 为你提供工具，库和技术来允许你构建一个 web 应用程序。这个 wdb 应用程序可以使一些 web 页面、博客、wiki、基于 web 的日历应用或商业网站。 Flask 属于微框架（micro framework）这一类别，微架构

The sun has finally set on The International Consumer Electronics Show (CES) in Las Vegas. Every year, practically everyone in...

The post That’s a Wrap! Read the Top Technology Takeaways From CES 2019 appeared first on McAfee Blog.

KoiPhish is a simple yet beautiful relay proxy idea.

The idea for this little project goes back many years. Since I started learning Golang I figured it would be good exercise to finally go ahead an implement it. So, last December during the 35C3 (which is always inspiring congress) I wrote it up.

It relays requests a client makes to the KoiPish to the actual target and responses are sent back to the client. On the way in and out common links are overwritten in order to not break the user experience and functionality.

rsync rsync，remote synchronize顾名思意就知道它是一款实现远程同步功能的软件，它在同步文件的同时，可以保持原来文件的权限、时间、软硬链接等附加信息。 rsync是用 “rsync 算法”提供了一个客户机和远程文件服务器的文件同步的快速方法，而且可以通过ssh方式来传输文件

Patching is a tedious and relentless task, but like brushing your teeth to prevent cavities, it keeps holes from forming in your infrastructure.

Patching is a tedious and relentless task, but like brushing your teeth to prevent cavities, it keeps holes from forming in your infrastructure.

ph师傅的代码审计CTF题目 https://code-breaking.com

It is possible that the need to upgrade and replace systems in the lead-up to 2038 will force the retirement of some remaining IPv4-only systems and networks.

漏洞原理 Fastcgi Fastcgi是一个通信协议，和HTTP协议一样，都是进行数据交换的一个通道。HTTP协议是浏览器和服务器中间件进行数据交换的协议，浏览器将HTTP头和HTTP体用某个规则组装成数据包，以TCP的方式发送到服务器中间件，服务器中间件按照规则将数据包解码，并按要求拿到用户需要

Large, high-profile data breaches have eroded public trust in data processors. We must adapt our practices in turn.

Large, high-profile data breaches have eroded public trust in data processors. We must adapt our practices in turn.

Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found on the Security Update Guide.

Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found on the Security Update Guide.

统计学2: 现代概率

现代概率的一大特征是概率不确定性.古代概率研究的骰子可以认为每面的概率是1/6, 但是统计天气的时候, 就没有理由认为晴天和雨天的概率都是1/2.

The breathtaking pace at which everyone and everything is becoming connected is having a profound effect on digital business, from delivering exceptional experiences, to ensuring the security of your customers, applications, and workforce....

Just a list of useful notes when dealing with Macs. I’m pretty new to Macs and there might be other, better solutions to the challenges I had to sovle but these worked for me and I’m learning. :)

Pivoting between accounts and keychain issues

After pivoting on a target host and elevating to root it seems not possible to gain access to other keychains easily. It requires to know the password of the other account still. Just running

统计与概率1 古典概率 概率的一个定义是一件事发生的一个情况的几率. 也可以表示成$f(\Omega, \omega, \varrho)$ 古典概率研究的是比较简单的情况, 例如硬币

近期的 Exchange CVE-2018-8581 事件，没人写得比我深入吧？